logo

Privacy policy

REGISTERING ON THE PLATFORM


Crowdvillage S.r.l. hereinafter referred to as “Data Controller” or “Crowdvillage”) provides the following information to the Data Subject, the person to whom the personal data refers, pursuant to art. 13 of EU Regulation no. 2016/679 dated 27 April 2016 (hereinafter referred as GDPR), the information concerning the protection of personal data. This information notice is intended to describe the personal data processing details and the measures taken to protect the rights of data subjects.

The information is released on the Crowdvillage’s website (www.itslending.it, hereinafter referred to as the Site) in the "Privacy Policy” section on the site’s Home Page.


Data Controller

The Data controller is Crowdvillage S.r.l., domiciled and headquartered in via Ciro Menotti n. 21 - 20129 - Milano (MI) - VAT 03960560922 - E-mail address: privacy@itslending.it


Categories of Data

The Data Controller processes the following categories of data:


  • - Personal data
  • - Contact data

Purposes for the Processing of the Data Subject’s personal data

The Data Controller processes the Data Subject’s personal data for the following purposes:


  • a) Facilitating the pre-registration to the platform.
    The data collected for this specific purpose shall be stored
  • b) Giving explicit consent to the Data Controller to send regular newsletter.
  • c) Giving explicit consent to the Data Controller to divulge information concerning the services the platform provides

Lawfulness of processing

Processing shall be lawful if:


  • it is necessary to take steps at the request of the data subject prior to entering into a contract.
  • the data subject has given his or her consent.

    • Data retention period

    The Data Subject’s personal data, processed for the purpose of letter (a) will be stored until the purpose is fulfilled and in any case for a period of not more than 36 months from the date when the registration was made.
    The Data Subject’s personal data, processed for the purposes of letters (b) (c) will be stored for 36 months, except in the case of an early withdrawal of consent.


    Processing methods and place of storage

    Personal data are processed to fulfil the Purposes set out in this Information Notice both in its electronic and paper format.
    To fulfil the purposes of letters (b) (c), the Data Controller shall transfer the persona data to the Rocket Science Group LLC, with registered office in 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA (Mailchimp) that could transfer data outside the European Economic Area. Mailchimp declares to provide appropriate safeguards for the transfer of data in compliance with Article 46 of the GDPR (Standard contractual clauses).


    Mandatory or optional nature of the provision of personal data

    The provision of data for the purpose of letter (a) is mandatory and the refusal to provide it will make it impossible for the Data Controller to register you on the platform.
    The provision of data for the purpose of letter (b) is optional and the refusal to provide it will prevent the Data Controller from sending newsletters.
    The provision of data for the purpose of letter (c) is optional and the refusal to provide it will prevent the Data Controller from sending communications on the services offered by the platform.


    Recipients of your Personal Information

    The Data Subject’s personal data shall be processed by the following parties according to the principles of indispensability:


    • - The Data Controller’s personnel, who acts and processes data under the authority and instructions of the Data Controller, pursuant to art. 29 of the GDPR or of the employees appointed by the Data Controller, in accordance with art. 2 quaterdecies of Legislative Decree nr. 101/2018.
    • - Individual or legal entities whose right to access the personal information of the Data Subject is recognized by legal provisions provided for by European Union law or Italian law, such as, by way of example, competent authorities and / or supervisory bodies for the fulfilment of legal obligations, and public administrations for their institutional purposes.
    • - Individual or legal entities resorted to by the Data Controller to perform activities that are instrumental to fulfil the Purposes (such as, for example, software suppliers, cloud partners, data centres, IT consultants). Third parties who access the information shall do so in compliance with the current legislation on the protection of personal data and the instructions given by the Data Controller and shall in any case be appointed Data Processors by the Data Controller.

    A list of the Data Processors is available in the Data Controller’s headquarters.

    Dissemination of Data

    Data shall not be disseminated in any way.


    Rights of the Data Subject

    The GDPR awards the Data Subject specific rights. The Data subject can exercise the following rights for each data processing operation:


    • - The Right of access: You have the right to obtain a copy of your personal data in our possession subjected to processing.
    • - The Right to rectification: You have the right to ask for your personal data to be rectified if they are incorrect or incomplete.
    • - The Right to object to the processing of personal data for commercial purposes: you can ask the Data Controller to stop sending you commercial communications at any time.
    • - The Right to object to decisions based on exclusively automated processes: you can request not to be the recipient of decisions exclusively made on the basis of totally automated processes, including profiling activity.
    • - The Right to withdraw consent: you have the right to withdraw your consent at any time.
    • - The Right to contact the Guarantor for the protection of personal data: you have the right to contact the competent supervisory Authority directly. In Italy the “Garante per la Protezione dei Dati Personali” (https://www.garanteprivacy.it/) is the Data Protection Authority.

    The Data Subject can also exercise the following rights under certain conditions:


    • - The Right to deletion: you have the right to obtain the erasure of your personal data if the purposes of the processing no longer exist and there are no legitimate interests or legal provisions that require data to be stored.
    • - The Right to object to processing: you have the right to object to certain types of processing (for example, when it is necessary for the purposes of the legitimate interests pursued by the Data Controller’s legitimate interests).
    • - The Right to restrict processing: You have the right to restrict the scope of the Data Controller’s processing of your personal data under certain conditions (for example, where the Data Controller no longer needs your Data, but the processing is still necessary for the establishment, exercise or defence of legal claims).
    • - The Right to data portability: You have the right, in certain situations, to receive a copy of your in a structured, commonly used and machine-readable format , which can be accessed by another data controller.

    To exercise the aforesaid rights, the Data Subject can send an email or write to the following addresses, specifying his/her requests and providing the Data Controller with the information needed to correctly identify the sender (by also attaching thereto a copy of his/her ID document):


    • - by mail: Crowdvillage S.r.l., via Ciro Menotti n. 21 - 20129 - Milano (MI).
    • - by e-mail: privacy@itslending.it

    Crowdvillage will reply within a month. In the event that the Data Controller is unable to respond, it shall provide a detailed explanation as to why the Data Subject’s request cannot be met.

    Version 01 - July 2021